Wherever possible, do not use it to allow bypassing CSRF protection. Since Jenkins 2.96, requests using Basic authentication providing an API token do not need ...
Responses to POST requests that do not set a CSRF crumb/token may in very rare cases change in unexpected ways due to the fix for SECURITY-1774.
Jan 24, 2024 · The "Resource Root URL" functionality is enabled (see documentation). ... Remote code execution via CSRF protection bypass ... Content-Security- ...
... CSRF token (crumb) since Jenkins 2.96. To disable ... Learn more: https://jenkins.io/redirect/stapler-facet-restrictions ... jenkins.security.stapler.
Jul 12, 2023 · mabl Plugin 0.0.47 defines the appropriate context for credentials lookup. CSRF vulnerability and missing permission checks in mabl Plugin allow ...
Aug 16, 2023 · Descriptions. CSRF vulnerability in Folders Plugin may approve unsandboxed scripts. SECURITY-3106 / CVE-2023-40336. Severity (CVSS): High
Authentication (users prove who they are) is done using a security realm. The security realm determines user identity and group memberships.
https://jenkins.io. Description: Allows tweaking ... Restore the ability to disable CSRF protection after the UI for doing so was removed from Jenkins 2.222.
May 12, 2024 · Add a new Reply URL https://{your_jenkins_host}/ ... io/doc/book/security/access-control/disable/) ... CSRF protection for any URL can be bypassed.
Sep 6, 2023 · Description: Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict a name query parameter when rendering a history ...